Cyber Incident Victim: Bannock County
Date:
Jun 2020
Location:
United States of America
Summary
Bannock County experienced unauthorized access to its computer network, prompting an internal investigation with assistance from cybersecurity experts who successfully retrieved the illegally obtained data. Forensic analysis confirmed the acquisition of sensitive personal information, including names, Social Security numbers, driver's license or state identification details, and financial account data. While no actual or attempted misuse of the compromised information has been detected, the county implemented additional security measures and notified potentially affected individuals to promote vigilance against identity theft and fraud. The organization emphasized its commitment to information security through policy reviews and enhanced safeguards following the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Bannock County, Idaho, detected potential unauthorized access to its computer network on June 30, 2020, with the intrusion occurring approximately eight days earlier on or around June 22, 2020. The county immediately initiated an internal investigation into the security breach and engaged a cybersecurity firm to assist in locating and retrieving the data illegally obtained by the unauthorized actor. This retrieval effort was successfully completed. Subsequently, Bannock County retained outside legal counsel, which coordinated a forensic investigation to analyze the incident's nature and scope. On July 22, 2020—three weeks after the initial discovery—forensic investigators confirmed that personal information had been accessed and exfiltrated by the threat actor. The county then conducted an extensive review of the compromised data to identify affected individuals and specific data elements involved, a process described as thorough and lengthy due to the need for precise impact assessment.
The investigation determined that accessed information included names, Social Security numbers, driver's license or state identification card numbers, and financial account details. Bannock County explicitly stated no evidence of actual or attempted misuse of this data had been identified at the time of their public notification on February 11, 2021, but issued advisories as a precautionary measure. In response to the incident, the county prioritized a review of existing security policies and procedures, committing to implement additional safeguards where necessary. Internal IT teams collaborated with external cybersecurity experts throughout the containment and remediation phases. Affected individuals were directed to monitor account statements and credit reports, though the county emphasized these recommendations were voluntary protective measures rather than indications of confirmed fraud. A dedicated assistance line and mailing address were established to address inquiries from potentially impacted parties.